diff --git a/src/config.rs b/src/config.rs
index 9bf98e8..242b78a 100644
--- a/src/config.rs
+++ b/src/config.rs
@@ -1,5 +1,6 @@
 use clap::{Parser, ValueEnum};
 use serde::{Deserialize, Serialize};
+use std::collections::HashMap;
 use std::env::{self, VarError};
 use std::fmt::Display;
 use std::fs;
@@ -23,12 +24,12 @@ pub struct ConfigToml {
     pub port: Option<u16>,
     pub frontend: Option<Frontend>,
     pub release_bind: Option<Vec<scancode::Linux>>,
-    pub pk_path: Option<PathBuf>,
-    pub sk_path: Option<PathBuf>,
+    pub cert_path: Option<PathBuf>,
     pub left: Option<TomlClient>,
     pub right: Option<TomlClient>,
     pub top: Option<TomlClient>,
     pub bottom: Option<TomlClient>,
+    pub authorized_fingerprints: Option<HashMap<String, String>>,
 }
 
 #[derive(Serialize, Deserialize, Debug, Eq, PartialEq)]
@@ -231,6 +232,7 @@ impl Default for Frontend {
 
 #[derive(Debug)]
 pub struct Config {
+    pub authorized_fingerprints: HashMap<String, String>,
     pub capture_backend: Option<CaptureBackend>,
     pub emulation_backend: Option<EmulationBackend>,
     pub frontend: Frontend,
@@ -291,7 +293,7 @@ impl Config {
         // --config <file> overrules default location
         let config_file = args.config.map(PathBuf::from).unwrap_or(config_file);
 
-        let config_toml = match ConfigToml::new(&config_file) {
+        let mut config_toml = match ConfigToml::new(&config_file) {
             Err(e) => {
                 log::warn!("{config_file:?}: {e}");
                 log::warn!("Continuing without config file ...");
@@ -325,9 +327,15 @@ impl Config {
 
         let cert_path = args
             .cert_path
-            .or(config_toml.as_ref().and_then(|c| c.pk_path.clone()))
+            .or(config_toml.as_ref().and_then(|c| c.cert_path.clone()))
             .unwrap_or(config_path.join(CERT_FILE_NAME));
 
+        let authorized_fingerprints = config_toml
+            .as_mut()
+            .map(|c| std::mem::take(&mut c.authorized_fingerprints))
+            .flatten()
+            .unwrap_or_default();
+
         let mut clients: Vec<(TomlClient, Position)> = vec![];
 
         if let Some(config_toml) = config_toml {
@@ -350,6 +358,7 @@ impl Config {
         let test_emulation = args.test_emulation;
 
         Ok(Config {
+            authorized_fingerprints,
             capture_backend,
             emulation_backend,
             daemon,
diff --git a/src/service.rs b/src/service.rs
index 56841db..c3e6695 100644
--- a/src/service.rs
+++ b/src/service.rs
@@ -105,7 +105,7 @@ impl Service {
 
         let service = Self {
             active: Rc::new(Cell::new(None)),
-            authorized_keys: Default::default(),
+            authorized_keys: Arc::new(RwLock::new(config.authorized_fingerprints.clone())),
             cert,
             public_key_fingerprint,
             config,